#include "flow.h"
Functions

| Return type | Function |
|---|---|
| void | SetupFlowPS (void) |
| int | flowps_newflow_callback (FLOW_POSITION position, FLOW *flowp, int direction, time_t cur, FLOWPACKET *p) |
int flowps_newflow_callback (FLOW_POSITION position, FLOW *flowp, int direction, time_t cur, FLOWPACKET *p)

The callback for the flow-portscan module.

This function's purpose is to do about the same thing as a traditional snort preprocessor. The only difference is that it runs only at a specific FLOW position: this callback is only valid in the "NEW" flow position.

The operations are pretty much the same as laid out by Chris Green, Marc Norton, Dan Roelker.

Basic code flow:

1) Get the score and flag type
2) Return if the score is 0
3) Get the score entry node
4) Perform time window maintenance

Definition at line 605 of file flowps_snort.c.

References _PS_CONFIG::alert_once, _PS_TRACKER::config, _Packet::dp, _PS_SCORE_ENTRY::fixed_scanner, _PS_SCORE_ENTRY::fixed_talker, _PS_SCORE_ENTRY::flags, FLOW_NEW, FLOW_NOTFOUND, flow_printf(), FLOW_SUCCESS, flowkey_print(), flowps_add_entry(), flowps_enabled(), flowps_entry_print(), flowps_find_entry(), flowps_fixed_winadj(), flowps_generate_flow_event(), flowps_get_score(), flowps_is_ignored_ipv4(), flowps_score_entry(), flowps_set_last_address(), flowps_sliding_winadj(), GetTcpFlags(), inet_ntoax(), _FLOWKEY::init_address, _IPHdr::ip_dst, _IPHdr::ip_src, _Packet::iph, IsTcpPacket(), _FLOW::key, _PS_CONFIG::limit_scanner, _PS_CONFIG::limit_talker, mktcpflag_str(), NULL, _PS_CONFIG::output_mode, _PS_SCORE_ENTRY::position, _FLOWKEY::resp_address, s_debug, scoreboard_move(), _PS_SCORE_ENTRY::sliding_scanner, _PS_SCORE_ENTRY::sliding_talker, _Packet::sp, _PS_TRACKER::table_active, _PS_TRACKER::table_scanner, TRACKER_ACTIVE, and TRACKER_SCANNER.

Referenced by flow_callbacks().
void SetupFlowPS (void)

Definition at line 125 of file flowps_snort.c.

References FlowPSInit(), and RegisterPreprocessor().

Referenced by SetupFlow().